In my experience Firestarter is an effective firewall and, on Linux, it starts automatically every time we boot up Ubuntu. But, when I decided to use a VPN tunnel through OpenVPN, I had some connection problems. In fact I was able to initialize my VPN services but, after a while, all the internet connections were mysteriously shut down.
The “problem” was Firestarter, which cut off the connection because my inbound/outbound policy treated it as forbidden.
To solve this you have to open a path through Firestarter so that the VPN can work:
1- open the configuration file your VPN provider gives to its users (generally it's a text file containing all the configuration info used, in my case, by OpenVPN) and search for the IP address of the default starting connection used to authenticate the VPN services (e.g. 177.458.563.25). Save or memorize this VPN IP address.
2- open a Terminal and type:
3- using Nautilus go to File System (it’s before the home folder), open etc → firestarter, and open the file user-pre using Gedit (or your preferred text editor)
4- the user-pre file is usually empty so don’t panic and write these lines into it:
# Allow IPsec ESP and ISAKMP/UDP 10000 traffic coming from the VPN server
iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p esp
iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p udp -m multiport --sports isakmp,10000
# Allow everything arriving on the tunnel interfaces
iptables -A INPUT -j ACCEPT -i tun+
# The same three rules for outbound traffic
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p esp
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p udp -m multiport --dports isakmp,10000
iptables -A OUTPUT -j ACCEPT -o tun+
Now you have to replace xxx.xxx.xxx.xxx with the VPN IP address you found at step 1 (in my example it was 177.458.563.25).
5- Save the user-pre file and close Gedit and Nautilus
6- open a new Terminal and restart Firestarter typing:
sudo /etc/init.d/firestarter restart
As we have already discussed many times in this blog, web security is very difficult to achieve, but we can always try to improve our security when surfing the web.
First of all, use Firefox! Do it! In my opinion it’s slower than Chrome but very “transparent”, and so you have fewer risks of unintentionally sharing information you want to keep private. In my experience, Firefox could be safer than Chrome if you use the right add-ons.
This add-on (for Firefox and Chrome) will automatically connect your browser to the https version of many websites contained in its “Rule list”. The number of https connections in HTTPS Everywhere’s list is sufficiently wide and you can always decide to manually add new https addresses (more info) as in the following example:
<target host="www.google.com" />
<target host="google.com" />
<rule from="^http://(www\.)?google\.com/" to="https://google.com/"/>
If you prefer to save time and you don’t want to write some lines for every website you want to reach through https, you can install another add-on: HTTPS Finder. HTTPS Finder works together with HTTPS Everywhere and tries to reach every website you type into the address bar using an https connection. If it finds a valid https website, it will ask you whether you want to add a specific rule to the HTTPS Everywhere rule list. At this point you only have to agree and the new rule will be stored in the list.
During the past weeks, we read many posts and articles about the new privacy rules that Google introduced for its web services. The goal of this specific post is not to discuss privacy agreements and the many interesting points of view about this kind of topic; instead we would like to focus your attention on a couple of “tricks” which can help you to increase your privacy level.
First of all, you can decide to use an alternative search engine which doesn’t log your activity, so that it is not possible to build a profile of your web activities.
Privatelee has been developed to offer better privacy to people who prefer not to have their web searches automatically analyzed by google.com.
This search engine can work in https mode and its search results are a mix of external searches such as Google and Bing. You can also decide to use just one of the two engines or both. Comparing the results obtained, we can affirm that Privatelee is really very effective and offers the same main features as Google and Bing.
Startpage is based on Google and has many flexible features that can be selected using the “settings” page. This particular search engine deletes all the logs after 48 hours, and you can anonymously view images and videos or define how to manage cookies. Moreover, Startpage allows you to save your settings without using cookies.
As with Privatelee, please be sure to type https and not a “simple” http when you insert the Startpage address in the bar.
Secondly, if you use Firefox, you can use a specific add-on, TrackMeNot. TrackMeNot is a simple but useful add-on you can install on Firefox to obfuscate the user search data profiled by Google, Bing, Yahoo, Baidu and others. TrackMeNot automatically issues random queries on the main search engines using a generic list of words. In this way, search engines are not able to create a real profile of you as a web user. Your real searches will be just a few among the hundreds of fictitious ones created by TrackMeNot. TrackMeNot is completely configurable: you can choose the query frequency or define the klog of your automatic queries. By default, TrackMeNot uses the words contained in the RSS feeds of four primary websites: The New York Times, CNN, MSNBC and The Register.
What about listening to Pandora or other USA IP-based online music services if you are not in the USA? There are many add-ons for Firefox which can help you to use the right proxy to appear in different places in the world but, in my experience, you can have some difficulties when you try to use them.
In fact the IPs of free proxies change frequently and sometimes you are obliged to spend a lot of time searching for the right IP of a free proxy. Other times the free proxy addresses are so overcrowded that you have to wait many seconds before you can view webpages.
One exception is anonymoX, a simple add-on for Firefox which always works properly and assures a good connection speed. AnonymoX has two different service levels; the free basic service has fewer features but it really works properly and it’s fast.
With the free level you can choose your favourite IP exit country among USA, UK and NL. You can also decide whether you prefer to hide your web surfing using anonymoX features or the classic Tor servers. Moreover, you can change your fictional ID any time you want, even while you are surfing the web.
During all our tests anonymoX was able to assure us good surfing privacy. In particular, we successfully tried to change browser ID and we really appreciated the possibility of visiting .onion websites through the Tor option. Recommended!!!